insecurity in information technology - usenix enigma edition


Upload: tanyajanca

Post on 21-Jan-2018


TRANSCRIPT

Page 1: Insecurity in Information Technology - USENIX Enigma Edition

Insecurity in Information Technology

Tanya Janca, [email protected]

OWASP Ottawa Chapter Leader

OWASP DevSlop Project Leader

@SheHacksPurple

Page 5

All of this creates the feeling of insecurity about people’s jobs and how to do them well.

This leads to predictably negative behaviour.

Page 6

Deviant Behaviour

Page 7

Moral Disengagement

Page 8

Reduced Job Involvement

Page 9

Risk Taking Behaviour

Page 10

Reduction of Organizational Citizenship Behavior

(positive workplace activity and involvement)

Page 11

All of this negative behavior leads to insecure software.

Page 13

The Plan:

1. Support dev and sec team with processes, training, and resources so they can confidently get the job done.

2. Initiate and then maintain culture change.


Page 21

Start Security Earlier!

Requirements → Design → Code → Testing → Release

Push Left!

Page 22

Break security testing into smaller pieces

Page 27

Job Shadowing

Page 30

2. Give Developers Security Tools!

Page 32

OWASP: Your new BFF!!!

The Open Web Application Security Project

Page 36

In Summary:

1. Support dev and sec team with processes, training, and resources so they can confidently get the job done.

2. Initiate and then maintain culture change.


Page 42

Any questions?

OWASP Ottawa Chapter Leader

OWASP DevSlop Project Leader

@SheHacksPurple

Tanya Janca, [email protected]